On the Internet, Nobody Knows You’re a Syrian
Posted by Clif Burns at 7:59 pm on May 14, 2013
Category: OFAC • Syria
According to this report, Network Solutions in April seized over 700 domain names relating to Syria. Among these were sites used by the Syrian Electronic Army, a pro-Assad hacker group that has achieved some notoriety for taking over the AP’s Twitter account and pushing out a false tweet about alleged explosions at the White House. They also hacked The Onion’s Twitter account which led to this memorable story and headline on the satire site: “Syrian Electronic Army Has A Little Fun Before Inevitable Upcoming Death At Hands of Rebels.” All of the domains now show the owner as “OFAC Holding.” A complete list can be found here.
Frequent readers of this blog will no doubt be aware that OFAC has issued a series of general licenses permitting provision in sanctioned countries of services incident to personal communications over the Internet. However, General License No. 5 for Syria explicitly excludes from the General License “domain name registration services.”
Of course, shutting down the sites now does not negate the violation that occurred in providing these web hosting services to Syria in the first place. And a large part of the problem here is that domain services are normally provided without any human involvement. A registrant fills out a web form, hands over a credit card number to pay for the annual fee, and a computer program takes care of the rest. Add to that, as the famous New Yorker cartoon caption suggests, “on the Internet, nobody knows you’re a dog.” It is simply not clear how Network Solutions could screen out every registration from an embargoed country. Instead, it seems the best an Internet registrar can do is shut down the domain names once it learns of the problem.
The big questions, then, are this: does Network Solutions have a voluntary disclosure pending at OFAC on this and what will OFAC’s response be?
Snooping on the Snoopers
Posted by Clif Burns at 6:02 pm on May 2, 2013
Category: BIS • Syria
ABOVE: Computerlinks FZCO
HQ, DSO Building, Dubai
The Dubai subsidiary of Munich-based Computerlinks recently agreed to pay $2.8 million dollars to the Bureau of Industry and Security (“BIS”) to settle charges that the Dubai subsidiary exported sophisticated Internet surveillance software to Syria without the required licenses. BIS had previously placed one individual and one company in the U.A.E. on the entity list in connection with the unlicensed export of these Internet devices to Syria
The charging documents are unusually detailed and reveal what appears to have been a systematic effort by the Dubai subsidiary to lie to Blue Coat, the manufacturer of the devices, about the ultimate destination of the equipment. One of the exports at issue was described as follows:
On or about October 29,2010, Computerlinks FZCO placed an order with Blue Coat for eight devices used to monitor and control web traffic along with accompanying equipment and software. Computerlinks FZCO falsely stated that the items were intended for the Iraq Ministry of Telecom, concealing the fact that the items actually were destined for Syria. Upon receiving the order, Blue Coat reexported the items from its facility in the Netherlands to Computerlinks FZCO in the U.A.E. On or about December 15, 2010, Computerlinks FZCO directed the items’ transfer within the U.A.E. for their subsequent shipment to Syria for use by the state-run Syrian Telecommunications Establishment (STE).
This is one of the highest fines BIS has ever imposed, ranking, by my count, only behind the $15 million imposed on Balli Aviation and related companies in 2010. This is due, in part, to the fact that this violation was not voluntarily disclosed. In fact, judging from the gleeful and somewhat self-serving press release from Blue Coat commending BIS for whacking Computerlinks, it is reasonable to assume that Blue Coat discovered the diversion and dropped the dime on Computerlinks.
No doubt Blue Coat discovered the diversion because the devices that Syria used to snoop on its citizens were probably also snooping on Syria at the same time. And you have to be more than a little surprised that the people at the Dubai subsidiary of Computerlinks were too stupid to realize that this would happen.
Firm Sues Florida Over State Sanctions on Cuba, Syria
Posted by Clif Burns at 5:17 pm on June 5, 2012
Category: Cuba Sanctions • Syria
Odebrecht Construction, Inc., a U.S. subsidiary of the Brazilian firm Odebrecht S.A., filed suit on Monday in federal court asking the court to declare as unconstitutional a Florida law which prohibits the award of state and local contracts to companies with business in Cuba or Syria. The law, signed by Governor Scott last month, goes into force on July 1.
Odebrecht S.A. is currently involved in a massive renovation project for the port in Mariel, Cuba, which is destined to take all the commercial traffic from the port at Havana when the project is completed. The Florida subsidiary has been responsible for, among other things, improvements to the Miami International Airport in Florida.
Of course, the sustainability of the Florida law is in serious question after the U.S. Supreme Court’s decision in Crosby v. National Foreign Trade Council, 530 U.S. 363 (2000). In that case, the Supreme Court struck down, on preemption grounds, a similar law passed in Massachusetts. The court’s analysis focused in large part on the extent to which the Massachusetts law was broader than existing federal sanctions, specifically noting that the federal sanctions only covered new investments while the Massachusetts law targeted existing investments as well. Here, the U.S. sanctions do not cover the activities of Odebrecht, S.A., which is a non-U.S. person, while the Florida sanctions would reach those activities.
The press reports on the Odebrecht complaint indicate that the company is making a constitutional challenge to the law, which is an argument based on Congress’s exclusive power to make U.S. foreign policy. The Crosby court dodged the constitutional issue and was decided solely on the basis of preemption. I have to assume that the Odebrecht complaint makes the preemption argument as well or at least will be ultimately amended to make that argument.
NetApp Under Investigation For Spying Equipment Used in Syria
Posted by Clif Burns at 5:44 pm on May 29, 2012
Category: BIS • Syria
A recent story from Bloomberg indicates that California-based NetApp, which manufactures and sells network storage solutions, is under investigation by the Bureau of Industry and Security (“BIS”) in connection with one of NetApp’s storage devices winding up in Syria. The NetApp equipment was made part of a massive system built by Syria’s Bashar al-Assad to intercept and review all email sent in Syria.
According to the story, the Italian company Area SpA, which built the surveillance system, bought the NetApp equipment from one of NetApp’s distributors in Italy. Area then exported the equipment to Syria and incorporated it into the surveillance system.
That in and of itself would not have posed problems for NetApp or led to an investigation. However, the Bloomberg story reports, “workers for Area and NetApp communicated directly, e-mailing each other after the sale about configuring the equipment.” That could indicate that NetApp knew of the sale before it occurred. More likely, if true, these emails might be construed as provision of services to the Syrian government which would have been problematic if they occurred after the Executive Order issued on August 17, 2011, banning export of services to Syria.
A NetApp spokesperson indicated that the company was finishing its internal review of the matter and declined to provide a comment to Bloomberg on the investigation.
Lab Equipment Companies Added to Entity List
Posted by Clif Burns at 7:30 pm on April 25, 2012
Category: BIS • Iran Sanctions • Syria
Last week the Bureau of Industry and Security (“BIS”) added three parties to the Entity List and imposed license requirements for exports, re-exports and in country transfers to these parties for all items subject to the Export Administration Regulations, i.e., items exported from the United States or with certain percentages of U.S. content. The order adding the parties to the Entity List indicated that there would be a presumption of denial for all license applications involving the three parties.
As is typically the case, BIS provides only scant detail about what got these three parties into hot water beyond saying that they had been involved in the transhipment of items to Iran and Syria. Looking at the identity of the parties allows one to make some more reasonable assumptions about what was going on. One of the designated entities was Canada Lab Instruments in Montréal, which describes itself in a business directory as “supplying a wide range of environmental, laboratory, measuring and analytical instruments for researching and educational purposes from the most famous manufacturers.” The second entity, Abou Elkhir Al Joundi, is an individual who owns Canada Lab Instruments and was educated in Damascus, Syria. The third entity was “Masound [sic] Est. for Medical and Scientific Supplies” in Amman, Jordan, which describes itself in a business directory as involved in the distribution of medical and scientific laboratory equipment.
It seems, therefore, reasonable to assume that the three entities were put on the Entity List in connection with shipment of medical and lab equipment from Canada and through Jordan to Syria and Iran. The quantity and value of the shipments, however, cannot be determined and the BIS order gives no indication. This also does not seem to involve items of particular concern to the interests of the United States in Iran and Syria, particular since the medical equipment probably would have been eligible for licenses. But I guess if we are chasing folks for selling nail polish to Iran, everything is fair game.
As a side issue, if BIS wants to put people in jail for future unlicensed exports to the Jordan company, it at least ought to spell the name of the company correctly on the list establishing this license requirement. It’s “Masoud,” not “Masound.”